Lucene search
+L

5811 matches found

CNNVD
CNNVD
added 2026/04/30 12:0 a.m.13 views

JeeSite 路径遍历漏洞

JeeSite is a Java rapid development platform open-sourced by Jinan Zhuoyuan thinkgem. Version JeeSite 5.15.1 contains a path traversal vulnerability, which stems from issues with the fileMd5 parameter in the /a/file/upload endpoint. This vulnerability could allow authenticated attackers with file...

9.6CVSS5.9AI score0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 5:16 p.m.9 views

CVE-2026-6914

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.5CVSS0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/04/29 5:16 p.m.9 views

UBUNTU-CVE-2026-6914

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/29 4:47 p.m.40 views

CVE-2026-6914 MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.1CVSS0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/04/29 4:47 p.m.2 views

CVE-2026-6914 MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.1CVSS5.9AI score0.00255EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-35956

Name of the Vulnerable Software and Affected Versions MongoDB Server versions 8.2 MongoDB Server versions 8.1 MongoDB Server versions prior to 8.0.21 MongoDB Server versions prior to 7.0.32 Description Computing the MD5 checksum of a malformed BSON Binary JSON object under specific conditions may...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 8:30 a.m.6 views

CVE-2026-7103

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file updateuser.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's...

6.3CVSS4.6AI score0.00188EPSS
Exploits0References6Affected Software1
Fedora
Fedora
added 2026/04/25 1:52 a.m.17 views

[SECURITY] Fedora 44 Update: libgsasl-1.10.0-15.fc44

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms...

8.1CVSS7.3AI score0.01394EPSS
Exploits0
EUVD
EUVD
added 2026/04/21 3:1 p.m.11 views

EUVD-2026-24137

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

9.3CVSS5.8AI score0.00571EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 1:38 a.m.2 views

CVE-2026-40496

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: md5APPKEY + attachmentid + size. Since attachmentid is sequential and size can be brute-forced in a small range, an unauthenticate...

9.3CVSS5.7AI score0.00403EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.9 views

PT-2026-33992

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP KEY, which is exposed ...

9.3CVSS5.8AI score0.00571EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.6 views

nginx 0.5.15 < 1.28.3 / 1.29.x < 1.29.7 NULL Pointer Dereference

The installed version of nginx is 0.5.15 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue: - When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue m...

8.7CVSS7.3AI score0.00921EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/15 9:9 p.m.2 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7CVSS6.9AI score0.00921EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.7 views

CVE-2026-33710

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/13 9:31 a.m.14 views

EUVD-2026-21885

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS5.7AI score0.00339EPSS
Exploits0References4
NVD
NVD
added 2026/04/13 7:16 a.m.7 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS0.00339EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/13 6:56 a.m.2 views

CVE-2026-5085 Solstice::Session versions through 1440 for Perl generates session ids insecurely

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7AI score0.00339EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:56 a.m.3 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

5.7AI score0.00339EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/10 6:59 p.m.4 views

CVE-2026-33710 Chamilo LMS has Weak REST API Key Generation (Predictable)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-32024

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + user id 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + user id5 - 10000. An attacker wh...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References4
Rows per page
Query Builder